7020653

Techniques for Supporting Application-Specific Access Controls with a Separate Server

Published: March 28, 2006
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
38 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for controlling access to application-specific operations performed by an application, comprising the steps of: receiving privilege information at a server that is distinct from the application; causing the server to determine, based on the privilege information, whether a particular application-specific operation is allowed under a particular set of conditions; and causing the server to communicate to the application an indication of whether the particular application-specific operation is allowed under said particular set of conditions.

2. The method of claim 1 wherein the step of receiving privilege information includes receiving, at said server, first data that describes a first set of privileges for performing a first plurality of application-specific operations.

3. The method of claim 2 wherein the step of receiving privilege information further includes receiving, at said server, second data that associates users of the application with one or more privileges in the first set of privileges.

4. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 3.

5. The method of claim 2, said step of managing the cache further comprising the step of storing in the cache data indicating a type of data item associated with each user.

6. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 5.

7. The method of claim 2, wherein the first set of privileges forms a first hierarchy of two or more levels of privileges.

8. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 7.

9. The method of claim 1 further comprising the steps of: in response to receiving, at the server from the application, a request that indicates a particular user and a particular application-specific operation, determining whether the particular user may have the application perform the particular application-specific operation based on the privilege information; and wherein the step of causing the server to communicate to the application an indication includes the step of sending to the application a response that indicates whether the particular user may have the application perform the particular application-specific operation.

10. The method of claim 9, wherein: said step of receiving privilege information further comprises receiving first data that associates a first set of privileges with a first type of data items upon which the plurality of application-specific operations operate; and said step of receiving the request further comprises receiving a request that also indicates a particular data item; and said step of determining whether the particular user may have the application perform the particular application-specific operation further comprises determining whether the particular data item is a member of the first type of data items.

11. The method of claim 10, wherein: the method further comprises receiving, at the server, second data that describes a second set of privileges for performing a second plurality of application-specific operations on a second type of data items that is different than said first type of data items; and said step of determining whether the particular user may have the application perform the particular application-specific operation is based, in part, on the particular type of the particular data item.

12. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 11.

13. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 10.

14. The method of claim 9, said step of determining whether the particular user may have the application perform the particular application-specific operation further comprising the step of managing a cache in fast memory for storing information that associates each of one or more users with one or more privileges in each of one or more sets of privileges.

15. The method of claim 14, said step of managing the cache further comprising the step of storing in the cache a bitmap for each user, wherein: each set of privileges forms a hierarchy of one or more levels of privileges; each different position in the bitmap corresponds to one different leaf node in each hierarchy of the one or more sets of privileges; and a leaf node is a node of a hierarchy that does not have any child node.

16. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 15.

17. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 14.

18. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 9.

19. The method of claim 1, said step of receiving privilege information comprises receiving a document in extensible markup language (XML).

20. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 19.

21. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 1.

22. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 2.

23. A method for controlling access to application-specific operations performed by an application, comprising the steps of: communicating privilege information to a server that is distinct from the application; sending a request, from the application to the server, for the server to determine, based on the privilege information, whether a particular application-specific operation is allowed under a particular set of conditions; receiving from the server an indication of whether the particular application-specific operation is allowed under said particular set of conditions; and the application only allowing the particular application-specific operation if the server indicated that the application-specific operation was allowed under said particular set of conditions.

24. The method of claim 23 wherein: the step of communicating privilege information to a server includes: sending, to a server distinct from the application, first data that describes a first set of privileges for performing a first plurality of application-specific operations; and sending to the server second data that associates a first user of the application with a privilege in the first set of privileges.

25. The method of claim 24, wherein: said step of sending the first data further comprises sending first data that also associates the first set of privileges with a first type of data items upon which the plurality of application-specific operations operate; and said step of sending the request further comprises sending the request that also indicates a particular data item; and said step of receiving the response based on the first data and the second data further comprises receiving the response also based on whether the particular data item is a member of the first type of data items.

26. The method of claim 25, wherein: the method further comprises sending to the server third data that describes a different second set of privileges for performing a second plurality of application-specific operations on a different second type of data items; and said step of sending the second data further comprises sending second data that also associates a second user of the application with a privilege in the second hierarchy of privileges; and said step of receiving the response based on the first data and the second data further comprises receiving the response also based on whether a particular type of the particular data item is associated with a particular set of privileges for a particular plurality of application-specific operations that include the particular application-specific operation.

27. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 26.

28. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 25.

29. The method of claim 24, wherein the application does not manage a cache in fast memory for storing information that associates each of one or more users with one or more privileges in each of one or more sets of privileges including the first set of privileges.

30. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 29.

31. The method of claim 24, wherein the first set of privileges forms a first hierarchy of two or more levels of privileges.

32. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 31.

33. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 24.

34. The method of claim 23 further comprising the steps of: receiving at the application a command from a particular user, which command involves the application performing a particular application-specific operation; sending to the server a request that indicates the particular user and the particular application-specific operation; wherein the step of receiving from the server an indication of whether the particular application-specific operation is allowed under said particular set of conditions includes receiving from the server a response that indicates whether the particular user may have the application perform the particular application-specific operation based on the first data and the second data; and performing the particular application-specific operation only if the response indicates the particular user may have the application perform the particular application-specific operation.

35. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 34.

36. The method of claim 23, said step of communicating privilege information further comprises sending a document in extensible markup language (XML).

37. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 36.

38. A computer-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 23.
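The claims above describe a separate decision server that receives privilege hierarchies per data item type (claims 7, 10, 11, 19), caches one bitmap per user in which each bit position is a leaf node of some hierarchy (claims 14, 15), and answers the application's per-operation request so the application acts only on an explicit "allowed" (claims 9, 23, 34). The following Python is an added illustration written for this page, not code from the patent or its inventors; the XML schema, the names `PrivilegeServer`, `is_allowed` and `app_perform`, and the sample users are all constructed assumptions, and a grant of a non-leaf privilege is taken to imply every leaf beneath it.

```python
import xml.etree.ElementTree as ET

# Constructed sample privilege document (assumed schema). Nested <privilege>
# elements form one hierarchy per data item type; <grant> associates a user.
PRIVILEGE_XML = """<privileges>
  <hierarchy type="invoice">
    <privilege name="manage"><privilege name="read"/>
      <privilege name="write"><privilege name="update"/><privilege name="delete"/></privilege>
    </privilege>
  </hierarchy>
  <hierarchy type="report"><privilege name="view"/><privilege name="export"/></hierarchy>
  <grant user="alice" type="invoice" privilege="write"/>
  <grant user="alice" type="report" privilege="view"/>
  <grant user="bob" type="invoice" privilege="read"/>
</privileges>"""

class PrivilegeServer:  # decision server distinct from the application (claim 1)
    def __init__(self, xml_doc):
        self.leaf_bit = {}   # (type, leaf privilege) -> single-bit position (claim 15)
        self.closure = {}    # (type, any privilege) -> mask of all leaves beneath it
        self.cache = {}      # user -> bitmap held in memory (claim 14)
        root = ET.fromstring(xml_doc)
        for hier in root.findall("hierarchy"):
            for priv in hier.findall("privilege"):
                self._index(hier.get("type"), priv)
        for g in root.findall("grant"):
            mask = self.closure[(g.get("type"), g.get("privilege"))]
            self.cache[g.get("user")] = self.cache.get(g.get("user"), 0) | mask

    def _index(self, dtype, node):
        # Bit positions are unique across every hierarchy, so the type is implicit.
        kids = node.findall("privilege")
        bit = 0
        for kid in kids:
            bit |= self._index(dtype, kid)
        if not kids:  # leaf node: allocate a fresh bit position
            bit = 1 << len(self.leaf_bit)
            self.leaf_bit[(dtype, node.get("name"))] = bit
        self.closure[(dtype, node.get("name"))] = bit
        return bit

    def is_allowed(self, user, operation, dtype):  # claims 9-11; unknown -> deny
        bit = self.leaf_bit.get((dtype, operation), 0)
        return bool(self.cache.get(user, 0) & bit)

def app_perform(server, user, operation, dtype):  # application side, claims 23/34
    if not server.is_allowed(user, operation, dtype):
        return "denied"
    return f"performed {operation} on {dtype}"
```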

Patent Metadata

Filing Date

Unknown

Publication Date

March 28, 2006

Inventors

Sam Idicula
Nipun Agarwal
Ravi Murthy

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “TECHNIQUES FOR SUPPORTING APPLICATION-SPECIFIC ACCESS CONTROLS WITH A SEPARATE SERVER” (7020653). https://patentable.app/patents/7020653
